[BUG] Direct eval warnings during OpenNext build process #561
Labels
Comments
It rather indicates that one of your package is using eval |
|
@zeybek Would you have a minimal repro of the issue so that we can identify the package? |
|
got the same issue right now. this is the output currently: ▲ [WARNING] Using direct eval with a bundler is not recommended and may cause problems [direct-eval]
.open-next/server-functions/default/handler.mjs:251510:71:
251510 │ ...edLocations = [], dirname = eval("__dirname"), searchLocati...these are my dependencies if it helps: {
"dependencies": {
"@hookform/resolvers": "^4.1.3",
"@prisma/client": "^6.4.1",
"@radix-ui/react-avatar": "^1.1.3",
"@radix-ui/react-dialog": "^1.1.6",
"@radix-ui/react-label": "^2.1.2",
"@radix-ui/react-popover": "^1.1.6",
"@radix-ui/react-select": "^2.1.6",
"@radix-ui/react-slot": "^1.1.2",
"@radix-ui/react-switch": "^1.1.3",
"@uploadthing/react": "^7.3.0",
"@vercel/analytics": "^1.5.0",
"bcryptjs": "^3.0.2",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"date-fns": "^3.6.0",
"dotenv": "^16.4.7",
"framer-motion": "^12.5.0",
"lucide-react": "^0.479.0",
"next": "15.2.3",
"next-auth": "^4.24.11",
"next-themes": "^0.4.6",
"react": "^19.0.0",
"react-day-picker": "^9.6.3",
"react-dom": "^19.0.0",
"react-hook-form": "^7.54.2",
"slate": "^0.112.0",
"slate-react": "^0.112.1",
"sonner": "^2.0.1",
"tailwind-merge": "^3.0.2",
"tailwindcss-animate": "^1.0.7",
"uploadthing": "^7.5.2",
"zod": "^3.24.2"
},
"devDependencies": {
"@eslint/eslintrc": "^3",
"@opennextjs/cloudflare": "^1.0.0-beta.2",
"@playwright/test": "^1.51.1",
"@tailwindcss/postcss": "^4",
"@types/bcryptjs": "^2.4.6",
"@types/node": "^20",
"@types/react": "^19",
"@types/react-dom": "^19",
"eslint": "^9",
"eslint-config-next": "15.2.1",
"prisma": "^6.4.1",
"tailwindcss": "^4",
"tsx": "^4.19.3",
"typescript": "^5",
"wrangler": "^4.10.0"
}
} |
|
Closing the issue as no repro has been provided. Feel free to re-open if you add a repro. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When building with
@opennextjs/cloudflare, the process completes but displays warnings about direct eval usage in the generated code. These warnings indicate that the build process is using direct eval, which can cause problems with bundling, minification, and potentially create security risks.Steps to reproduce
@opennextjs/cloudflareas a dependencyopennextjs-cloudflare build && wrangler devExpected behavior
The build should complete without direct eval warnings, as they indicate potential security vulnerabilities and optimization issues.
@opennextjs/cloudflare version
1.0.0-beta.2
Wrangler version
4.9.1
next info output
Operating System: Platform: darwin Arch: arm64 Version: Darwin Kernel Version 24.3.0: Thu Jan 2 20:24:16 PST 2025; root:xnu-11215.81.4~3/RELEASE_ARM64_T6000 Available memory (MB): 16384 Available CPU cores: 8 Binaries: Node: 22.11.0 npm: 10.9.0 Yarn: N/A pnpm: 10.7.1 Relevant Packages: next: 15.3.0 // Latest available version is detected (15.3.0). eslint-config-next: 15.2.5 react: 19.1.0 react-dom: 19.1.0 typescript: 5.8.3 Next.js Config: output: N/AAdditional context
The warnings come from esbuild, which is used internally by OpenNext during the build process. The direct eval usage appears in the generated handler.mjs file.
While the application builds and functions correctly, using direct eval is problematic because:
This issue doesn't seem to prevent the application from running, but addressing it would improve security and performance in production environments.
The text was updated successfully, but these errors were encountered: